Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-5020 | 1 Awstats | 1 Awstats | 2010-12-02 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||||
| CVE-2010-4356 | 1 Site2nite | 1 Big Truck Broker | 2010-12-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter. | |||||
| CVE-2010-4357 | 1 Boka | 1 Siteengine | 2010-12-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comments.php in SiteEngine 7.1 allows remote attackers to execute arbitrary SQL commands via the module parameter. | |||||
| CVE-2010-4359 | 1 Jurpo | 1 Jurpopage | 2010-12-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2010-4360 | 1 Jurpo | 1 Jurpopage | 2010-12-01 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) note and (2) pg parameters, different vectors than CVE-2010-4359. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4361 | 1 Jurpo | 1 Jurpopage | 2010-12-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in url-gateway.php in Jurpopage 0.2.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-4365 | 2 Harmistechnology, Joomla | 2 Com Jeajaxeventcalendar, Joomla\! | 2010-12-01 | 7.5 HIGH | N/A |
| SQL injection vulnerability in JE Ajax Event Calendar (com_jeajaxeventcalendar) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event_id parameter in an alleventlist_more action to index.php. | |||||
| CVE-2009-5017 | 1 Mozilla | 1 Firefox | 2010-11-30 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong UTF-8 encoding, which makes it easier for remote attackers to bypass cross-site scripting (XSS) protection mechanisms via a crafted string, a different vulnerability than CVE-2010-1210. | |||||
| CVE-2010-4354 | 1 Cisco | 9 Asa 5500, Pix 500, Vpn 3000 Concentrator and 6 more | 2010-11-30 | 5.0 MEDIUM | N/A |
| The remote-access IPSec VPN implementation on Cisco Adaptive Security Appliances (ASA) 5500 series devices, PIX Security Appliances 500 series devices, and VPN Concentrators 3000 series devices responds to an Aggressive Mode IKE Phase I message only when the group name is configured on the device, which allows remote attackers to enumerate valid group names via a series of IKE negotiation attempts, aka Bug ID CSCtj96108, a different vulnerability than CVE-2005-2025. | |||||
| CVE-2010-4173 | 1 Openfabrics | 1 Libsdp | 2010-11-29 | 3.3 LOW | N/A |
| The default configuration of libsdp.conf in libsdp 1.1.104 and earlier creates log files in /tmp, which allows local users to overwrite arbitrary files via a (1) symlink or (2) hard link attack on the libsdp.log.##### temporary file. | |||||
| CVE-2010-4302 | 2 Cisco, Linux | 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more | 2010-11-29 | 4.9 MEDIUM | N/A |
| /opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses a weak hashing algorithm for the (1) administrator and (2) operator passwords, which makes it easier for local users to obtain sensitive information by recovering the cleartext values, aka Bug ID CSCti54010. | |||||
| CVE-2010-4303 | 2 Cisco, Linux | 5 Unified Videoconferencing System 5110, Unified Videoconferencing System 5110 Firmware, Unified Videoconferencing System 5115 and 2 more | 2010-11-29 | 4.9 MEDIUM | N/A |
| Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the Linux operating system is used, uses world-readable permissions for the /etc/shadow file, which allows local users to discover encrypted passwords by reading this file, aka Bug ID CSCti54043. | |||||
| CVE-2010-4304 | 1 Cisco | 14 Unified Videoconferencing System 3515 Multipoint Control Unit, Unified Videoconferencing System 3515 Multipoint Control Unit Firmware, Unified Videoconferencing System 3522 Basic Rate Interface Gateway and 11 more | 2010-11-29 | 6.4 MEDIUM | N/A |
| The web interface in Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) uses predictable session IDs based on time values, which makes it easier for remote attackers to hijack sessions via a brute-force attack, aka Bug ID CSCti54048. | |||||
| CVE-2010-4305 | 1 Cisco | 14 Unified Videoconferencing System 3515 Multipoint Control Unit, Unified Videoconferencing System 3515 Multipoint Control Unit Firmware, Unified Videoconferencing System 3522 Basic Rate Interface Gateway and 11 more | 2010-11-29 | 5.0 MEDIUM | N/A |
| Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and 5230; Unified Videoconferencing 3527 Primary Rate Interface (PRI) Gateway; Unified Videoconferencing 3522 Basic Rate Interfaces (BRI) Gateway; and Unified Videoconferencing 3515 Multipoint Control Unit (MCU) improperly use cookies for web-interface credentials, which allows remote attackers to obtain sensitive information by reading a (1) cleartext or (2) base64-encoded cleartext cookie, aka Bug ID CSCti54052. | |||||
| CVE-2010-1318 | 1 Realnetworks | 3 Helix Mobile Server, Helix Server, Helix Server Mobile | 2010-11-23 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2010-1378 | 1 Apple | 1 Mac Os X | 2010-11-21 | 7.5 HIGH | N/A |
| OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority. | |||||
| CVE-2010-2057 | 1 Apache | 1 Myfaces | 2010-11-18 | 5.0 MEDIUM | N/A |
| shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack. | |||||
| CVE-2010-4200 | 2010-11-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-4008. Reason: This candidate is a duplicate of CVE-2010-4008. Notes: All CVE users should reference CVE-2010-4008 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2009-2624 | 1 Gnu | 1 Gzip | 2010-11-17 | 6.8 MEDIUM | N/A |
| The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. | |||||
| CVE-2010-3868 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2010-11-17 | 5.8 MEDIUM | N/A |
| Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component. | |||||